Websense Uses Microsoft Error Reporting Program To Uncover New Attacks


Over four months, the Websense researchers collected 16 million bug reports. They then created a fingerprint of a failed zero-day exploit targeting Internet Explorer and searched the bug reports for examples of the fingerprint, finding five matching examples across four organizations.

The attacks detected on the four organizations were carried out against targets in Japan by a cybercriminal organization that is believed to be the same group responsible for the Bit9 breach carried out last year. The Websense research indicates that targets are believed to be more widespread; it uncovered an attack attempt using the exploit on a global telecommunications firm in December.

Websense also detected and blocked other malware used by the group, including the Houdini worm, a remote access Trojan associated with targeted attacks. In addition to the global telecommunications firm, Websense said it detected an attack on a government organization.

Websense also identified a campaign against point-of-sale systems that uses malware designed to scrape the memory of payment transaction systems to steal credit card numbers, credentials and customer billing information. The company said that the Watson crash reports it examined came from a large clothing retailer located in the Eastern U.S. and that the activity appears to be a wave of infections targeting the retail industry with variants of the Zeus malware family.

"The three command-and-control servers that we have observed do not appear to be part of a typical Zeus-based mass-malware infection, but targeted specifically at the wholesale/retailer industry," Websense said in its report. "We believe that these results indicate that malware based on the leaked Zeus and RAM-scraping code is actively targeting point-of-sale terminals to steal customer credit card data."

Solution providers told CRN that Websense, which named former RSA executive Shawn Pearson as its new vice president of worldwide channel sales in August, is responding to a growing need for new threat detection capabilities that can identify sophisticated attacks. The company's research and development arm has developed new capabilities for its line of appliances that go beyond typical features in Web security gateways, they said. 

Customers are taking a serious look at being more proactive about security threats, said Paul Radtke, vice president of technology at TSR Solutions, a Germantown, Wis.-based Websense partner. Radtke said TSR Solutions has been conducting more penetration tests for clients to help them reduce vulnerabilities and configuration weaknesses that open up holes.

"Security seems to be getting more and more on the minds of business owners every day," Radtke said. "It's gone beyond compliance because there seems to be new threats in the news all the time."

PUBLISHED FEB. 19, 2014